author | Florian Dold <florian.dold@gmail.com> | 2013-12-10 11:14:22 +0000 |
---|---|---|
committer | Florian Dold <florian.dold@gmail.com> | 2013-12-10 11:14:22 +0000 |
commit | f3a98e004caf91688887a01b5fe2ad3f11813238 (patch) | |
tree | 74fc500c7771e38e6cc2f71d18953cdf210a5f9f /src/secretsharing/gnunet-service-secretsharing.c | |
parent | 119237806b48c9220abc1b96b860bb8f7af03417 (diff) | |
download | gnunet-f3a98e004caf91688887a01b5fe2ad3f11813238.tar.gz gnunet-f3a98e004caf91688887a01b5fe2ad3f11813238.zip |
- key generation for secretsharing
- gnunet-ecc -E also prints hex
Diffstat (limited to 'src/secretsharing/gnunet-service-secretsharing.c')
-rw-r--r-- | src/secretsharing/gnunet-service-secretsharing.c | 246 |
1 files changed, 221 insertions, 25 deletions
diff --git a/src/secretsharing/gnunet-service-secretsharing.c b/src/secretsharing/gnunet-service-secretsharing.c index 4020a554a..6ca0d85f9 100644 --- a/src/secretsharing/gnunet-service-secretsharing.c +++ b/src/secretsharing/gnunet-service-secretsharing.c | |||
@@ -32,7 +32,6 @@ | |||
32 | #include <gcrypt.h> | 32 | #include <gcrypt.h> |
33 | 33 | ||
34 | 34 | ||
35 | |||
36 | /** | 35 | /** |
37 | * Info about a peer in a key generation session. | 36 | * Info about a peer in a key generation session. |
38 | */ | 37 | */ |
@@ -51,7 +50,7 @@ struct KeygenPeerInfo | |||
51 | /** | 50 | /** |
52 | * mu-component of the peer's paillier public key. | 51 | * mu-component of the peer's paillier public key. |
53 | */ | 52 | */ |
54 | gcry_mpi_t paillier_mu; | 53 | gcry_mpi_t paillier_n; |
55 | 54 | ||
56 | /** | 55 | /** |
57 | * The peer's commitment to his presecret. | 56 | * The peer's commitment to his presecret. |
@@ -59,6 +58,17 @@ struct KeygenPeerInfo | |||
59 | gcry_mpi_t presecret_commitment; | 58 | gcry_mpi_t presecret_commitment; |
60 | 59 | ||
61 | /** | 60 | /** |
61 | * The peer's preshare that we could decrypt | ||
62 | * with out private key. | ||
63 | */ | ||
64 | gcry_mpi_t decrypted_preshare; | ||
65 | |||
66 | /** | ||
67 | * Multiplicative share of the public key. | ||
68 | */ | ||
69 | gcry_mpi_t public_key_share; | ||
70 | |||
71 | /** | ||
62 | * GNUNET_YES if the peer has been disqualified, | 72 | * GNUNET_YES if the peer has been disqualified, |
63 | * GNUNET_NO otherwise. | 73 | * GNUNET_NO otherwise. |
64 | */ | 74 | */ |
@@ -93,6 +103,11 @@ struct KeygenSession | |||
93 | struct GNUNET_SERVER_Client *client; | 103 | struct GNUNET_SERVER_Client *client; |
94 | 104 | ||
95 | /** | 105 | /** |
106 | * Message queue for 'client' | ||
107 | */ | ||
108 | struct GNUNET_MQ_Handle *client_mq; | ||
109 | |||
110 | /** | ||
96 | * Randomly generated coefficients of the polynomial for sharing our | 111 | * Randomly generated coefficients of the polynomial for sharing our |
97 | * pre-secret, where 'preshares[0]' is our pre-secret. Contains 'threshold' | 112 | * pre-secret, where 'preshares[0]' is our pre-secret. Contains 'threshold' |
98 | * elements, thus represents a polynomial of degree 'threshold-1', which can | 113 | * elements, thus represents a polynomial of degree 'threshold-1', which can |
@@ -136,7 +151,7 @@ struct KeygenSession | |||
136 | /** | 151 | /** |
137 | * g-component of our peer's paillier private key. | 152 | * g-component of our peer's paillier private key. |
138 | */ | 153 | */ |
139 | gcry_mpi_t paillier_g; | 154 | gcry_mpi_t paillier_lambda; |
140 | 155 | ||
141 | /** | 156 | /** |
142 | * g-component of our peer's paillier private key. | 157 | * g-component of our peer's paillier private key. |
@@ -166,12 +181,12 @@ struct DecryptSession | |||
166 | /** | 181 | /** |
167 | * Decrypt sessions are held in a linked list. | 182 | * Decrypt sessions are held in a linked list. |
168 | */ | 183 | */ |
169 | static struct DecryptSession *decrypt_sessions_head; | 184 | //static struct DecryptSession *decrypt_sessions_head; |
170 | 185 | ||
171 | /** | 186 | /** |
172 | * Decrypt sessions are held in a linked list. | 187 | * Decrypt sessions are held in a linked list. |
173 | */ | 188 | */ |
174 | static struct DecryptSession *decrypt_sessions_tail; | 189 | //static struct DecryptSession *decrypt_sessions_tail; |
175 | 190 | ||
176 | /** | 191 | /** |
177 | * Decrypt sessions are held in a linked list. | 192 | * Decrypt sessions are held in a linked list. |
@@ -298,9 +313,14 @@ normalize_peers (struct GNUNET_PeerIdentity *listed, | |||
298 | * | 313 | * |
299 | * Uses the simplified key generation of Jonathan Katz, Yehuda Lindell, | 314 | * Uses the simplified key generation of Jonathan Katz, Yehuda Lindell, |
300 | * "Introduction to Modern Cryptography: Principles and Protocols". | 315 | * "Introduction to Modern Cryptography: Principles and Protocols". |
316 | * | ||
317 | * @param g g-component of public key | ||
318 | * @param n n-component of public key | ||
319 | * @param lambda lambda-component of private key | ||
320 | * @param mu mu-componenent of private key | ||
301 | */ | 321 | */ |
302 | static void | 322 | static void |
303 | paillier_create (unsigned int s, gcry_mpi_t n, gcry_mpi_t g, gcry_mpi_t lambda, gcry_mpi_t mu) | 323 | paillier_create (gcry_mpi_t g, gcry_mpi_t n, gcry_mpi_t lambda, gcry_mpi_t mu) |
304 | { | 324 | { |
305 | gcry_mpi_t p; | 325 | gcry_mpi_t p; |
306 | gcry_mpi_t q; | 326 | gcry_mpi_t q; |
@@ -311,9 +331,9 @@ paillier_create (unsigned int s, gcry_mpi_t n, gcry_mpi_t g, gcry_mpi_t lambda, | |||
311 | GNUNET_assert (0 != (tmp = gcry_mpi_new (PAILLIER_BITS))); | 331 | GNUNET_assert (0 != (tmp = gcry_mpi_new (PAILLIER_BITS))); |
312 | 332 | ||
313 | // generate rsa modulus | 333 | // generate rsa modulus |
314 | GNUNET_assert (0 == gcry_prime_generate (&p, s, 0, NULL, NULL, NULL, | 334 | GNUNET_assert (0 == gcry_prime_generate (&p, PAILLIER_BITS / 2, 0, NULL, NULL, NULL, |
315 | GCRY_WEAK_RANDOM, 0)); | 335 | GCRY_WEAK_RANDOM, 0)); |
316 | GNUNET_assert (0 == gcry_prime_generate (&q, s, 0, NULL, NULL, NULL, | 336 | GNUNET_assert (0 == gcry_prime_generate (&q, PAILLIER_BITS / 2, 0, NULL, NULL, NULL, |
317 | GCRY_WEAK_RANDOM, 0)); | 337 | GCRY_WEAK_RANDOM, 0)); |
318 | gcry_mpi_mul (n, p, q); | 338 | gcry_mpi_mul (n, p, q); |
319 | gcry_mpi_add_ui (g, n, 1); | 339 | gcry_mpi_add_ui (g, n, 1); |
@@ -332,6 +352,14 @@ paillier_create (unsigned int s, gcry_mpi_t n, gcry_mpi_t g, gcry_mpi_t lambda, | |||
332 | } | 352 | } |
333 | 353 | ||
334 | 354 | ||
355 | /** | ||
356 | * Encrypt a value using Paillier's scheme. | ||
357 | * | ||
358 | * @param c resulting ciphertext | ||
359 | * @param m plaintext to encrypt | ||
360 | * @param g g-component of public key | ||
361 | * @param n n-component of public key | ||
362 | */ | ||
335 | static void | 363 | static void |
336 | paillier_encrypt (gcry_mpi_t c, gcry_mpi_t m, gcry_mpi_t g, gcry_mpi_t n) | 364 | paillier_encrypt (gcry_mpi_t c, gcry_mpi_t m, gcry_mpi_t g, gcry_mpi_t n) |
337 | { | 365 | { |
@@ -359,6 +387,14 @@ paillier_encrypt (gcry_mpi_t c, gcry_mpi_t m, gcry_mpi_t g, gcry_mpi_t n) | |||
359 | } | 387 | } |
360 | 388 | ||
361 | 389 | ||
390 | /** | ||
391 | * Decrypt a ciphertext using Paillier's scheme. | ||
392 | * | ||
393 | * @param m[out] resulting plaintext | ||
394 | * @param c ciphertext to decrypt | ||
395 | * @param lambda lambda-component of private key | ||
396 | * @param mu mu-component of private key | ||
397 | */ | ||
362 | static void | 398 | static void |
363 | paillier_decrypt (gcry_mpi_t m, gcry_mpi_t c, gcry_mpi_t mu, gcry_mpi_t lambda, gcry_mpi_t n) | 399 | paillier_decrypt (gcry_mpi_t m, gcry_mpi_t c, gcry_mpi_t mu, gcry_mpi_t lambda, gcry_mpi_t n) |
364 | { | 400 | { |
@@ -422,13 +458,18 @@ keygen_round1_new_element (void *cls, | |||
422 | { | 458 | { |
423 | if (0 == memcmp (&d->peer, &ks->info[i].peer, sizeof (struct GNUNET_PeerIdentity))) | 459 | if (0 == memcmp (&d->peer, &ks->info[i].peer, sizeof (struct GNUNET_PeerIdentity))) |
424 | { | 460 | { |
425 | // TODO: check signature and store key data | 461 | // TODO: check signature |
462 | GNUNET_assert (0 == gcry_mpi_scan (&ks->info[i].paillier_g, GCRYMPI_FMT_USG, | ||
463 | &d->pubkey.g, sizeof d->pubkey.g, NULL)); | ||
464 | GNUNET_assert (0 == gcry_mpi_scan (&ks->info[i].paillier_n, GCRYMPI_FMT_USG, | ||
465 | &d->pubkey.n, sizeof d->pubkey.n, NULL)); | ||
466 | GNUNET_assert (0 == gcry_mpi_scan (&ks->info[i].presecret_commitment, GCRYMPI_FMT_USG, | ||
467 | &d->commitment, sizeof d->commitment, NULL)); | ||
426 | return; | 468 | return; |
427 | } | 469 | } |
428 | } | 470 | } |
429 | 471 | ||
430 | GNUNET_log (GNUNET_ERROR_TYPE_WARNING, "keygen commit data with wrong peer identity in consensus\n"); | 472 | GNUNET_log (GNUNET_ERROR_TYPE_WARNING, "keygen commit data with wrong peer identity in consensus\n"); |
431 | |||
432 | } | 473 | } |
433 | 474 | ||
434 | 475 | ||
@@ -460,39 +501,116 @@ horner_eval (gcry_mpi_t z, gcry_mpi_t *coeff, unsigned int num_coeff, gcry_mpi_t | |||
460 | static void | 501 | static void |
461 | keygen_round2_conclude (void *cls) | 502 | keygen_round2_conclude (void *cls) |
462 | { | 503 | { |
463 | // TODO: recombine shares and send to client | 504 | struct KeygenSession *ks = cls; |
464 | GNUNET_assert (0); | 505 | struct GNUNET_SECRETSHARING_SecretReadyMessage *m; |
506 | struct GNUNET_MQ_Envelope *ev; | ||
507 | unsigned int i; | ||
508 | gcry_mpi_t s; | ||
509 | gcry_mpi_t h; | ||
510 | struct GNUNET_PeerIdentity *pid; | ||
511 | |||
512 | GNUNET_assert (0 != (s = gcry_mpi_new (PAILLIER_BITS))); | ||
513 | GNUNET_assert (0 != (h = gcry_mpi_new (PAILLIER_BITS))); | ||
514 | |||
515 | // multiplicative identity | ||
516 | gcry_mpi_set_ui (s, 1); | ||
517 | |||
518 | pid = (void *) &m[1]; | ||
519 | |||
520 | for (i = 0; i < ks->num_peers; i++) | ||
521 | { | ||
522 | if (GNUNET_NO == ks->info[i].disqualified) | ||
523 | { | ||
524 | gcry_mpi_addm (s, s, ks->info[i].decrypted_preshare, elgamal_p); | ||
525 | gcry_mpi_mulm (h, h, ks->info[i].public_key_share, elgamal_p); | ||
526 | m->num_secret_peers++; | ||
527 | *pid = ks->info[i].peer; | ||
528 | pid++; | ||
529 | } | ||
530 | } | ||
531 | |||
532 | ev = GNUNET_MQ_msg (m, GNUNET_MESSAGE_TYPE_SECRETSHARING_CLIENT_SECRET_READY); | ||
533 | |||
534 | gcry_mpi_print (GCRYMPI_FMT_USG, (void *) &m->secret, PAILLIER_BITS / 8, NULL, s); | ||
535 | gcry_mpi_print (GCRYMPI_FMT_USG, (void *) &m->public_key, PAILLIER_BITS / 8, NULL, s); | ||
536 | |||
537 | GNUNET_MQ_send (ks->client_mq, ev); | ||
465 | } | 538 | } |
466 | 539 | ||
467 | 540 | ||
541 | /** | ||
542 | * Insert round 2 element in the consensus, consisting of | ||
543 | * (1) The exponentiated pre-share polynomial coefficients A_{i,l}=g^{a_{i,l}} | ||
544 | * (2) The exponentiated pre-shares y_{i,j}=g^{s_{i,j}} | ||
545 | * (3) The encrypted pre-shares Y_{i,j} | ||
546 | * (4) The zero knowledge proof for correctness of | ||
547 | * the encryption | ||
548 | * | ||
549 | * @param ks session to use | ||
550 | */ | ||
468 | static void | 551 | static void |
469 | insert_round2_element (struct KeygenSession *ks) | 552 | insert_round2_element (struct KeygenSession *ks) |
470 | { | 553 | { |
471 | struct GNUNET_SET_Element *element; | 554 | struct GNUNET_SET_Element *element; |
555 | struct GNUNET_SECRETSHARING_KeygenRevealData *msg; | ||
556 | unsigned char *pos; | ||
557 | unsigned char *last_pos; | ||
558 | size_t element_size; | ||
472 | unsigned int i; | 559 | unsigned int i; |
473 | uint16_t big_y_size; | ||
474 | gcry_mpi_t c; | 560 | gcry_mpi_t c; |
475 | gcry_mpi_t idx; | 561 | gcry_mpi_t idx; |
476 | gcry_mpi_t preshare; | 562 | gcry_mpi_t v; |
477 | 563 | ||
478 | GNUNET_assert (0 != (c = gcry_mpi_new (PAILLIER_BITS))); | 564 | GNUNET_assert (0 != (c = gcry_mpi_new (PAILLIER_BITS))); |
479 | GNUNET_assert (0 != (preshare = gcry_mpi_new (PAILLIER_BITS))); | 565 | GNUNET_assert (0 != (v = gcry_mpi_new (PAILLIER_BITS))); |
480 | GNUNET_assert (0 != (idx = gcry_mpi_new (PAILLIER_BITS))); | 566 | GNUNET_assert (0 != (idx = gcry_mpi_new (PAILLIER_BITS))); |
481 | 567 | ||
482 | big_y_size = PAILLIER_BITS / 8 * ks->num_peers; | 568 | element_size = (sizeof (struct GNUNET_SECRETSHARING_KeygenRevealData) + |
569 | 2 * PAILLIER_BITS / 8 * ks->num_peers + | ||
570 | 1 * PAILLIER_BITS / 8 * ks->threshold); | ||
571 | |||
572 | element = GNUNET_malloc (sizeof (struct GNUNET_SET_Element) + element_size); | ||
483 | 573 | ||
484 | element = GNUNET_malloc (sizeof (struct GNUNET_SET_Element) + big_y_size); | 574 | msg = (void *) element->data; |
575 | pos = (void *) &msg[1]; | ||
576 | last_pos = pos + element_size; | ||
485 | 577 | ||
578 | // exponentiated pre-shares | ||
579 | for (i = 0; i <= ks->threshold; i++) | ||
580 | { | ||
581 | ptrdiff_t remaining = last_pos - pos; | ||
582 | GNUNET_assert (remaining > 0); | ||
583 | gcry_mpi_set_ui (idx, i); | ||
584 | // evaluate the polynomial | ||
585 | horner_eval (v, ks->presecret_polynomial, ks->threshold, idx, elgamal_p); | ||
586 | // take g to the result | ||
587 | gcry_mpi_powm (v, elgamal_g, v, elgamal_p); | ||
588 | gcry_mpi_print (GCRYMPI_FMT_USG, pos, (size_t) remaining, NULL, v); | ||
589 | pos += PAILLIER_BITS / 8; | ||
590 | } | ||
591 | |||
592 | // exponentiated coefficients | ||
486 | for (i = 0; i < ks->num_peers; i++) | 593 | for (i = 0; i < ks->num_peers; i++) |
487 | { | 594 | { |
488 | gcry_mpi_set_ui (idx, i + 1); | 595 | ptrdiff_t remaining = last_pos - pos; |
489 | horner_eval (preshare, ks->presecret_polynomial, ks->threshold, idx, elgamal_p); | 596 | GNUNET_assert (remaining > 0); |
490 | // concat 'A', 'y' and 'Y' to the vector | 597 | gcry_mpi_powm (v, elgamal_g, ks->presecret_polynomial[0], elgamal_p); |
598 | gcry_mpi_print (GCRYMPI_FMT_USG, pos, (size_t) remaining, NULL, v); | ||
599 | pos += PAILLIER_BITS / 8; | ||
491 | } | 600 | } |
492 | 601 | ||
602 | // encrypted pre-shares | ||
493 | for (i = 0; i < ks->threshold; i++) | 603 | for (i = 0; i < ks->threshold; i++) |
494 | { | 604 | { |
495 | // concat 'a' to the vector | 605 | ptrdiff_t remaining = last_pos - pos; |
606 | GNUNET_assert (remaining > 0); | ||
607 | if (GNUNET_YES == ks->info[i].disqualified) | ||
608 | gcry_mpi_set_ui (v, 0); | ||
609 | else | ||
610 | paillier_encrypt (v, ks->presecret_polynomial[0], | ||
611 | ks->info[i].paillier_g, ks->info[i].paillier_g); | ||
612 | gcry_mpi_print (GCRYMPI_FMT_USG, pos, (size_t) remaining, NULL, v); | ||
613 | pos += PAILLIER_BITS / 8; | ||
496 | } | 614 | } |
497 | 615 | ||
498 | GNUNET_CONSENSUS_insert (ks->consensus, element, NULL, NULL); | 616 | GNUNET_CONSENSUS_insert (ks->consensus, element, NULL, NULL); |
@@ -500,15 +618,75 @@ insert_round2_element (struct KeygenSession *ks) | |||
500 | } | 618 | } |
501 | 619 | ||
502 | 620 | ||
621 | static struct KeygenPeerInfo * | ||
622 | get_keygen_peer_info (const struct KeygenSession *ks, | ||
623 | struct GNUNET_PeerIdentity *peer) | ||
624 | { | ||
625 | unsigned int i; | ||
626 | for (i = 0; i < ks->num_peers; i++) | ||
627 | if (0 == memcmp (peer, &ks->info[i].peer, sizeof (struct GNUNET_PeerIdentity))) | ||
628 | return &ks->info[i]; | ||
629 | return NULL; | ||
630 | } | ||
631 | |||
632 | |||
633 | static void | ||
634 | keygen_round2_new_element (void *cls, | ||
635 | const struct GNUNET_SET_Element *element) | ||
636 | { | ||
637 | struct KeygenSession *ks = cls; | ||
638 | struct GNUNET_SECRETSHARING_KeygenRevealData *msg; | ||
639 | struct KeygenPeerInfo *info; | ||
640 | unsigned char *pos; | ||
641 | unsigned char *last_pos; | ||
642 | gcry_mpi_t c; | ||
643 | |||
644 | msg = (void *) element->data; | ||
645 | pos = (void *) &msg[1]; | ||
646 | // skip exp. pre-shares | ||
647 | pos += PAILLIER_BITS / 8 * ks->num_peers; | ||
648 | // skip exp. coefficients | ||
649 | pos += PAILLIER_BITS / 8 * ks->threshold; | ||
650 | // skip to the value for our peer | ||
651 | pos += PAILLIER_BITS / 8 * ks->local_peer_idx; | ||
652 | |||
653 | last_pos = element->size + (unsigned char *) element->data; | ||
654 | |||
655 | if ((pos >= last_pos) || ((last_pos - pos) < (PAILLIER_BITS / 8))) | ||
656 | { | ||
657 | GNUNET_break_op (0); | ||
658 | return; | ||
659 | } | ||
660 | |||
661 | GNUNET_assert (0 == gcry_mpi_scan (&c, GCRYMPI_FMT_USG, | ||
662 | pos, PAILLIER_BITS / 8, NULL)); | ||
663 | |||
664 | info = get_keygen_peer_info (ks, &msg->peer); | ||
665 | |||
666 | if (NULL == info) | ||
667 | { | ||
668 | GNUNET_break_op (0); | ||
669 | return; | ||
670 | } | ||
671 | |||
672 | paillier_decrypt (info->decrypted_preshare, c, ks->paillier_lambda, ks->paillier_mu, | ||
673 | ks->info[ks->local_peer_idx].paillier_n); | ||
674 | |||
675 | // TODO: validate signature and proofs | ||
676 | |||
677 | } | ||
678 | |||
679 | |||
503 | static void | 680 | static void |
504 | keygen_round1_conclude (void *cls) | 681 | keygen_round1_conclude (void *cls) |
505 | { | 682 | { |
506 | struct KeygenSession *ks = cls; | 683 | struct KeygenSession *ks = cls; |
507 | 684 | ||
508 | // TODO: destroy old consensus | 685 | // TODO: destroy old consensus |
686 | // TODO: mark peers without keys as disqualified | ||
509 | 687 | ||
510 | ks->consensus = GNUNET_CONSENSUS_create (cfg, ks->num_peers, ks->peers, &ks->session_id, | 688 | ks->consensus = GNUNET_CONSENSUS_create (cfg, ks->num_peers, ks->peers, &ks->session_id, |
511 | keygen_round1_new_element, ks); | 689 | keygen_round2_new_element, ks); |
512 | 690 | ||
513 | insert_round2_element (ks); | 691 | insert_round2_element (ks); |
514 | 692 | ||
@@ -516,12 +694,20 @@ keygen_round1_conclude (void *cls) | |||
516 | } | 694 | } |
517 | 695 | ||
518 | 696 | ||
697 | /** | ||
698 | * Insert the ephemeral key and the presecret commitment | ||
699 | * of this peer in the consensus of the given session. | ||
700 | * | ||
701 | * @param ks session to use | ||
702 | */ | ||
519 | static void | 703 | static void |
520 | insert_round1_element (struct KeygenSession *ks) | 704 | insert_round1_element (struct KeygenSession *ks) |
521 | { | 705 | { |
522 | struct GNUNET_SET_Element *element; | 706 | struct GNUNET_SET_Element *element; |
523 | struct GNUNET_SECRETSHARING_KeygenCommitData *d; | 707 | struct GNUNET_SECRETSHARING_KeygenCommitData *d; |
708 | // g^a_{i,0} | ||
524 | gcry_mpi_t v; | 709 | gcry_mpi_t v; |
710 | // big-endian representation of 'v' | ||
525 | unsigned char v_data[PAILLIER_BITS / 8]; | 711 | unsigned char v_data[PAILLIER_BITS / 8]; |
526 | 712 | ||
527 | element = GNUNET_malloc (sizeof *element + sizeof *d); | 713 | element = GNUNET_malloc (sizeof *element + sizeof *d); |
@@ -541,11 +727,11 @@ insert_round1_element (struct KeygenSession *ks) | |||
541 | 727 | ||
542 | GNUNET_assert (0 == gcry_mpi_print (GCRYMPI_FMT_USG, | 728 | GNUNET_assert (0 == gcry_mpi_print (GCRYMPI_FMT_USG, |
543 | (unsigned char *) d->pubkey.g, PAILLIER_BITS / 8, NULL, | 729 | (unsigned char *) d->pubkey.g, PAILLIER_BITS / 8, NULL, |
544 | ks->paillier_g)); | 730 | ks->info[ks->local_peer_idx].paillier_g)); |
545 | 731 | ||
546 | GNUNET_assert (0 == gcry_mpi_print (GCRYMPI_FMT_USG, | 732 | GNUNET_assert (0 == gcry_mpi_print (GCRYMPI_FMT_USG, |
547 | (unsigned char *) d->pubkey.mu, PAILLIER_BITS / 8, NULL, | 733 | (unsigned char *) d->pubkey.n, PAILLIER_BITS / 8, NULL, |
548 | ks->paillier_mu)); | 734 | ks->info[ks->local_peer_idx].paillier_n)); |
549 | 735 | ||
550 | // FIXME: sign stuff | 736 | // FIXME: sign stuff |
551 | 737 | ||
@@ -572,6 +758,8 @@ static void handle_client_keygen (void *cls, | |||
572 | (const struct GNUNET_SECRETSHARING_CreateMessage *) message; | 758 | (const struct GNUNET_SECRETSHARING_CreateMessage *) message; |
573 | struct KeygenSession *ks; | 759 | struct KeygenSession *ks; |
574 | 760 | ||
761 | GNUNET_log (GNUNET_ERROR_TYPE_INFO, "client requested key generation\n"); | ||
762 | |||
575 | ks = GNUNET_new (struct KeygenSession); | 763 | ks = GNUNET_new (struct KeygenSession); |
576 | 764 | ||
577 | GNUNET_CONTAINER_DLL_insert (keygen_sessions_head, keygen_sessions_tail, ks); | 765 | GNUNET_CONTAINER_DLL_insert (keygen_sessions_head, keygen_sessions_tail, ks); |
@@ -583,9 +771,17 @@ static void handle_client_keygen (void *cls, | |||
583 | ks->peers = normalize_peers ((struct GNUNET_PeerIdentity *) &msg[1], ks->num_peers, | 771 | ks->peers = normalize_peers ((struct GNUNET_PeerIdentity *) &msg[1], ks->num_peers, |
584 | &ks->num_peers, &ks->local_peer_idx); | 772 | &ks->num_peers, &ks->local_peer_idx); |
585 | 773 | ||
774 | // TODO: initialize MPIs in peer structure | ||
775 | |||
586 | ks->consensus = GNUNET_CONSENSUS_create (cfg, ks->num_peers, ks->peers, &msg->session_id, | 776 | ks->consensus = GNUNET_CONSENSUS_create (cfg, ks->num_peers, ks->peers, &msg->session_id, |
587 | keygen_round1_new_element, ks); | 777 | keygen_round1_new_element, ks); |
588 | 778 | ||
779 | paillier_create (ks->info[ks->local_peer_idx].paillier_g, | ||
780 | ks->info[ks->local_peer_idx].paillier_n, | ||
781 | ks->paillier_lambda, | ||
782 | ks->paillier_mu); | ||
783 | |||
784 | |||
589 | generate_presecret_polynomial (ks); | 785 | generate_presecret_polynomial (ks); |
590 | 786 | ||
591 | insert_round1_element (ks); | 787 | insert_round1_element (ks); |
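Review bot: In keygen_round2_conclude `m` is dereferenced before it exists — `pid = (void *) &m[1]`, `m->num_secret_peers++` and the `*pid = ks->info[i].peer` stores all run inside the loop, while `ev = GNUNET_MQ_msg (m, ...)` only assigns `m` afterwards; and since the message carries a variable number of peer identities it has to be allocated with `GNUNET_MQ_msg_extra` sized for them, otherwise the `pid` writes run past a fixed-size message. In the same function `h` is never seeded with 1 before `gcry_mpi_mulm` (a freshly created MPI is zero, so the product stays zero), `s` is seeded with 1 although it is accumulated with `gcry_mpi_addm`, and `m->public_key` is printed from `s` instead of `h`. Two one-line defects in other hunks: keygen_round2_new_element calls `paillier_decrypt (info->decrypted_preshare, c, ks->paillier_lambda, ks->paillier_mu, ...)` while the definition reads `paillier_decrypt (gcry_mpi_t m, gcry_mpi_t c, gcry_mpi_t mu, gcry_mpi_t lambda, gcry_mpi_t n)`, so lambda and mu are swapped, and insert_round2_element passes `ks->info[i].paillier_g` twice to `paillier_encrypt`, where the fourth argument should be `ks->info[i].paillier_n`. The `c` created by `gcry_mpi_scan` in keygen_round2_new_element is never released, and the changed `gcry_prime_generate` lines in paillier_create still draw the Paillier primes with `GCRY_WEAK_RANDOM`, which is not appropriate for key material; `GCRY_STRONG_RANDOM` is the usual choice there. The rewrite below allocates the message before it is filled and seeds the accumulators; the other points are single-line changes.
```c
static void
keygen_round2_conclude (void *cls)
{
  struct KeygenSession *ks = cls;
  // … unchanged: declarations of m, ev, i, s, h, pid …
  unsigned int num_secret_peers = 0;

  // … unchanged: allocation of 's' and 'h' …

  // the message is variable-size: count the qualified peers first
  for (i = 0; i < ks->num_peers; i++)
    if (GNUNET_NO == ks->info[i].disqualified)
      num_secret_peers++;

  ev = GNUNET_MQ_msg_extra (m, num_secret_peers * sizeof (struct GNUNET_PeerIdentity),
                            GNUNET_MESSAGE_TYPE_SECRETSHARING_CLIENT_SECRET_READY);
  m->num_secret_peers = 0;
  pid = (void *) &m[1];

  // additive identity for the share sum, multiplicative identity for the key product
  gcry_mpi_set_ui (s, 0);
  gcry_mpi_set_ui (h, 1);

  for (i = 0; i < ks->num_peers; i++)
  {
    // … unchanged: accumulate s and h, record the peer identity …
  }

  gcry_mpi_print (GCRYMPI_FMT_USG, (void *) &m->secret, PAILLIER_BITS / 8, NULL, s);
  gcry_mpi_print (GCRYMPI_FMT_USG, (void *) &m->public_key, PAILLIER_BITS / 8, NULL, h);

  gcry_mpi_release (s);
  gcry_mpi_release (h);

  GNUNET_MQ_send (ks->client_mq, ev);
}
```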